Setting up Vault Server on Centos

I am looking for an accurate setup guide for Vault server. I am following the official doc and it is not working. It seems that you have to have consul, is that correct? The system unit file (for startup) does not even work!??!?!

I am new to Vault and I just want to stand it up on a standalone server to play. This cannot be this difficult. Any help is much appreciated!

Since version 1.4 you don’t have to have Consul. You can use the internal raft storage.
… and just to play around, you could always start up in dev mode ?!?

I would like to set this up to be used with my Ansible environment. I would love to just set up a “real” server.

Could you provide log files, outputs or some more information than “the unit file is not working”?

First match at Google vault setup guide centos:

If you only want to build one server, you don’t need raft or consul as a backend. Using the file system as storage backend should be sufficient for this and simplifies the whole in the basic structure.


I just signed up for a free trial with a license. The documentation is:

Screen Shot 2020-05-24 at 4.04.55 PM.png

This generates the help file? Is it me or is the documentation lacking?

You should use the learn guides first

Starting the Vault server is vault server not just vault.

You don’t need a license unless you want to use the enterprise features.

Hey there thanks for your response! Here is my config file:

listener "tcp" {
  address     = "127.0.0.1:8200"
  tls_disable = 1
}

I guess I need to have a “storage block”. I want to just run this as a POC server and use my local Linux fs for storage. How do I do that?

storage "file" {
  path = "/mnt/vault/data"
}
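The listener and storage stanzas from the posts above, run through a small pre-start check (an added example, not part of the original thread and not HashiCorp tooling). The `lint` function, the sample configs and the regex-based stanza scan are assumptions made for illustration; it is a simplified scan, not a full HCL parser.

```python
import re

# Constructed sample: a listener-only config with typographic quotes, as happens
# when a config is copied from a rendered web page, and no storage stanza.
PASTED = '''listener “tcp” {
address = “127.0.0.1:8200”
tls_disable = 1
}
'''
# Constructed sample: the same listener with straight quotes plus file storage.
FIXED = '''listener "tcp" {
  address     = "127.0.0.1:8200"
  tls_disable = 1
}

storage "file" {
  path = "/mnt/vault/data"
}
'''

STANZA = re.compile(r'^\s*(\w+)\s+"([^"]+)"\s*\{([^}]*)\}', re.M)  # no nested blocks
LOOPBACK = ("127.", "localhost", "[::1]")

def lint(text):
    """Return a list of findings for a single-node Vault config (simplified scan)."""
    findings = []
    if re.search(r'[“”‘’]', text):
        findings.append("curly quotes: HCL needs straight ASCII quotes")
        text = re.sub(r'[“”]', '"', text)  # normalise so the remaining checks still run
    stanzas = STANZA.findall(text)
    kinds = {kind for kind, _, _ in stanzas}
    for required in ("listener", "storage"):
        if required not in kinds:
            findings.append(f"missing {required} stanza")
    for kind, _label, body in stanzas:
        if kind != "listener":
            continue
        addr = re.search(r'address\s*=\s*"([^"]+)"', body)
        tls_off = re.search(r'tls_disable\s*=\s*("?)(1|true)\1', body)
        # Plaintext HTTP is only tolerable while the listener stays on loopback.
        if tls_off and addr and not addr.group(1).startswith(LOOPBACK):
            findings.append(f"listener {addr.group(1)}: tls_disable on a non-loopback address")
    return findings

if __name__ == "__main__":
    for name, cfg in (("pasted", PASTED), ("fixed", FIXED)):
        print(name, lint(cfg) or "ok")
```

Changing the listener address to something reachable from the network while leaving `tls_disable = 1` in place is the case the last check exists for.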

Here is another example of lacking documentation. Under the “seal documentation” on site https://learn.hashicorp.com/vault/operations/ops-deployment-guide. They reference:

seal "pkcs11" {
  lib            = "/usr/vault/lib/libCryptoki2_64.so"
  slot           = "0"
  pin            = "AAAA-BBBB-CCCC-DDDD"
  key_label      = "vault-hsm-key"
  hmac_key_label = "vault-hsm-hmac-key"
}

Where do I get the file from? Every direction I turn I find holes in the documentation. Any help is much appreciated as I am about ready to give up on this product and find another that has accurate documentation.

I expect a CentOS 7 user would be much happier with an rpm:
https://copr.fedorainfracloud.org/coprs/boeroboy/hashicorp/

Dave

Sorry about leaving you hanging. The issue was with the version of systems, it didn’t support some of the options. I updated my Amazon AMI and it worked. I now have it up and running and am getting through the various concepts.

thanks for all your help.


Here is another example of lacking documentation. Under the “seal documentation” on site https://learn.hashicorp.com/vault/operations/ops-deployment-guide . They reference:

seal "pkcs11" {
  lib            = "/usr/vault/lib/libCryptoki2_64.so"
  slot           = "0"
  pin            = "AAAA-BBBB-CCCC-DDDD"
  key_label      = "vault-hsm-key"
  hmac_key_label = "vault-hsm-hmac-key"
}

Where do I get the file from? Every direction I turn I find holes in the documentation. Any help is much appreciated as I am about ready to give up on this product and find another that has accurate documentation.

Hi & welcome -
The learn article has the Seal doc linked right above that example stanza, where you will find:

If you’re doing an evaluation to “play” as you mention, I’d recommend skipping the HSM. Maybe a cloud unseal that is within the OSS license? Do you have requirements set out that you want to test/validate with Vault? HSM would be an advanced setup and architecture, which is more organizational compliance related vs use case validation.


Previously I successfully integrated Vault with an HSM which was password enabled, and it was up and running.
I am at a remote location connected to the network, trying to start a Vault server integrated with a PED-enabled HSM device.
I have added the HSM configuration to the Vault config file but didn’t know what I should set as the pin in order to access the HSM from the Vault server.
I have tried entering the admin pwd, the Crypto Officer pin and the PED device attached to the HSM, but I am still unable to start Vault.

error parsing Seal configuration: error fetching session to test HSM key configuration: error logging in to HSM: pkcs11: 0x80000028
2021-07-13T05:39:54.367-0400 [INFO] proxy environment: http_proxy="" https_proxy="" no_proxy=""

config:
{
  "pkcs11": {
    "generate_key": "true",
    "hmac_key_label": "HashiCorp_hmac",
    "key_label": "HashiCorp",
    "lib": "/opt/vault/hsm/libCryptoki2_64.so",
    "pin": "xxxxx",
    "slot": "1"
  }
}
]
Any Suggestions Please!..